tags 479512 confirmed upstream thanks On Mon, May 05, 2008 at 10:31:00AM +0200, Michal Suchanek wrote: > Package: samba > Version: 1:3.0.28a-2 > Severity: important
> The samba server always tries to connect to a cups server, even when > there are no printing shares, and "load printers" is set to no. > When this server does not respond (as it drops the packets) samba blocks > indefinitely trying to connect to the server failing to open its > listening sockets at all. > This is serious usability, and possibly security bug. The server fails > when another service that is not even required for proper operation > fails. FWIW, I can only confirm this bug if cupsys is *not* running on localhost. If it is running, then libcupsys by default uses the unix socket /var/run/cups/cups.sock, and samba is able to connect in spite of any firewalling. If cups is not running, then I can reproduce the problem with the following configuration: # /etc/init.d/cupsys stop Stopping Common Unix Printing System: cupsd. # testparm --parameter-name='load printers' -s -v 2>/dev/null No # iptables -A INPUT -p tcp -d 127.0.0.1/8 --dport 631 -j DROP # telnet localhost ipp Trying 127.0.0.1...<hangs> ^C # /etc/init.d/samba restart Stopping Samba daemons: nmbd smbd. Starting Samba daemons: nmbd smbd<hangs> ^C # I agree that this is a bug that should be corrected. > I never had cups running but the question if the server is actually > running is irrelevant when the packets are dropped by networking > (because they are not to a service I intend to run). Dropping packets instead of rejecting them is a pathological firewalling policy. I strongly recommend against doing this. > The problem occured with localhost but I would expect there is an > option for using remote cups, and networking problems could have > similar results. Yes, you can configure samba to use a remote cups server by setting ServerName in /etc/cups/client.conf. But why would you ever do that if you didn't actually intend to point CUPS at a viable server...? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
